CVE-2026-4282
Received Received - Intake
Authorization Code Forgery in Keycloak SingleUseObjectProvider Enables Privilege Escalation

Publication date: 2026-04-02

Last updated on: 2026-04-16

Assigner: Red Hat, Inc.

Description
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an unauthenticated attacker to forge authorization codes. Successful exploitation can lead to the creation of admin-capable access tokens, resulting in privilege escalation.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-02
Last Modified
2026-04-16
Generated
2026-06-16
AI Q&A
2026-04-02
EPSS Evaluated
2026-06-15
NVD
CVE-2026-4282
EUVD
EUVD-2026-18208
Affected Vendors & Products
Showing 5 associated CPEs
Vendor Product Version / Range
redhat build_of_keycloak *
redhat build_of_keycloak 26.2
redhat build_of_keycloak 26.2.15
redhat build_of_keycloak 26.4
redhat build_of_keycloak 26.4.11
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-653 The product does not properly compartmentalize or isolate functionality, processes, or resources that require different privilege levels, rights, or permissions.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-4282 is a high-severity vulnerability in Keycloak caused by a flaw in the SingleUseObjectProvider component, which acts as a global key-value store without proper type or namespace isolation.

This flaw allows an unauthenticated attacker to forge authorization codes.

By exploiting these forged codes, the attacker can create access tokens with administrative privileges, leading to privilege escalation within the system.

Impact Analysis

The vulnerability can allow an unauthenticated attacker to escalate their privileges by forging authorization codes and generating admin-capable access tokens.

This means an attacker could gain administrative access to your Keycloak environment, potentially compromising the security and integrity of your system.

Mitigation Strategies

The vulnerability in Keycloak's SingleUseObjectProvider allows unauthenticated attackers to forge authorization codes and escalate privileges. Immediate mitigation steps include applying any available security patches or updates provided by Keycloak or your Linux distribution vendor.

Since the vulnerability affects all Linux environments running Keycloak and no specific version is mentioned, it is critical to monitor official Keycloak and Red Hat advisories for patches or workarounds.

Additionally, consider restricting network access to Keycloak instances, enforcing strict access controls, and monitoring for suspicious authorization code usage to reduce the risk of exploitation.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-4282. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart